﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Windows.Forms;
using System.Data.OleDb;

namespace Login
{
//一、登录窗口的特征
//1、登录窗口大小不能缩放 MaximumSize = MinimumSize = Size
//2、窗口处于屏幕的顶层，正中央 TopMost    StartPosition
//3、任务条上没有出现 ShowInTaskbar
//4、不能有最大化最小化按钮 ControlBox  MaximizeBox MinimizeBox
//5、密码是掩码的形式 PasswordChar UserSystemPasswordChar
//6、焦点转移控制 TabIndex
//二、窗口的显示模式
//1、模式窗口（阻塞后续代码执行）——ShowDialog 返回值：DialogResult
//2、非模式窗口（不会阻塞后续代码执行）——Show

//按钮：DialogResult属性，点击按钮，窗口回关闭并且返回指定的响应值


//用户名：admin
//密码：admin
//要求：提供三次登录机会

//对象之间的数据交换（数据源、目标对象）：
//1、修改访问修饰符（不建议使用）——数据源
//2、属性——数据源
//3、方法
//4、构造函数
//5、.NET应用程序域

//基类：object

//访问修饰符
//private（自身类的内部使用、对象和子对象不能使用）
//public（自身类、子类、对象、子对象都可以使用）
//protected（对于子类表现像public，可以继承，对于对象和子对象表现类似private）

////.NET应用程序域
//全局内存区域：Name——Value
//Name重复，后续会替换前面的Value

    static class Program
    {
        /// <summary>
        /// 应用程序的主入口点。
        /// </summary>
        [STAThread]
        static void Main()
        {
            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault(false);
            FormLogin frmLogin = new FormLogin();

            for (int i = 0; i < 3; i++)
            { 
            DialogResult dr = frmLogin.ShowDialog();
                if (dr == DialogResult.OK)
                {
                    //string strUser = frmLogin.tbUser.Text;
                    //string strPass = frmLogin.tbPass.Text;

                    //string strUser = frmLogin.GetUserName();
                    //string strPass = frmLogin.GetPassword();

                    //if (System.AppDomain.CurrentDomain.GetData("username") != null && System.AppDomain.CurrentDomain.GetData("password") != null)
                    //{
                    //    string strUser = System.AppDomain.CurrentDomain.GetData("username").ToString();
                    //    string strPass = System.AppDomain.CurrentDomain.GetData("password").ToString();

                    //    if (strUser == "admin" && strPass == "admin")
                    //    {
                    //        FormMain frmMain = new FormMain();
                    //        frmMain.Show();
                    //        Application.Run(frmMain);
                    //    }
                    //}

                    //frmLogin.UserName = "test";

                    string strConnString = "Provider = SQLOLEDB; Data Source =.; Integrated Security = SSPI; Initial Catalog = STUDB";
                    OleDbConnection oleDbConn = new OleDbConnection();
                    oleDbConn.ConnectionString = strConnString;
                    oleDbConn.Open();

                    OleDbCommand cmd = new OleDbCommand();
                    cmd.Connection = oleDbConn;
                    string strUser = frmLogin.UserName;
                    string strPass = frmLogin.Password;
                    //select* into test from USERACCOUNT
                    //insert into USERACCOUNT select* from test

                    //"select * from useraccount where username = '" + var1 "' and userpassword = '" + var2 "'""
                    //                                                     1                                           ' or '' = '   (绕过口令)
                    //                                                                                                 ' or '' = '';delete from useraccount where '' = '  (绕过口令并删除数据)
                    //采用字符串拼接：可读性性差；注入攻击
                    //string fmt = "select * from useraccount where username = '{0}' and userpassword = '{1}'";
                    //string sql = string.Format(fmt, strUser, strPass);
                    //SQL语句参数：SQL Server @Name  Oracle :Name  OLEDB ?  JDBC  ?  
                    //string sql = "select * from useraccount where username = ? and userpassword = ?";
                    string sql = @"select * from useraccount where username = ?;
                    select * from useraccount where username = ? and userpassword = ?";
                    cmd.CommandText = sql;
                    cmd.CommandType = System.Data.CommandType.Text;

                    cmd.Parameters.Clear();
                    OleDbParameter param = new OleDbParameter();
                    param.Value = strUser;
                    cmd.Parameters.Add(param);

                    param = new OleDbParameter();
                    param.Value = strUser;
                    cmd.Parameters.Add(param);

                    param = new OleDbParameter();
                    param.Value = strPass;
                    cmd.Parameters.Add(param);

                    OleDbDataReader reader = cmd.ExecuteReader();

                    if (reader.Read())
                    {
                        reader.NextResult();
                        if (reader.Read())
                        {
                            FormMain frmMain = new FormMain();
                            frmMain.Show();
                            Application.Run(frmMain);
                            break;
                        }
                        else
                        {
                            MessageBox.Show("兄弟，口令不正确！请与网管联系");
                        }
                    }
                    else
                    {
                        MessageBox.Show("用户名不存在！请与网管联系");
                    }

                    //string fmt = "用户ID：{0}   用户名：{1}    口令：{2}";
                    //while (reader.Read())
                    //{
                    //    MessageBox.Show(string.Format(fmt, reader.GetString(0), reader[1], reader["userpassword"].ToString()));
                    //}

                    //OleDbConnection oleDbConn = new OleDbConnection("Provider = SQLOLEDB; Data Source =.; Integrated Security = SSPI; Initial Catalog = STUDB");
                    //oleDbConn.Open();
                    //OleDbCommand cmd = new OleDbCommand("select * from useraccount", oleDbConn);
                    //OleDbDataReader reader = cmd.ExecuteReader();
                    //string fmt = "用户ID：{0}   用户名：{1}    口令：{2}";
                    //while (reader.Read())
                    //{
                    //    MessageBox.Show(string.Format(fmt, reader.GetString(0), reader[1], reader["userpassword"].ToString()));
                    //}
                }
            }
        }
    }
}
